[IMP] *: adapt to the new check_access API

closes odoo/documentation#10991 Related: odoo/odoo#179148 Related: odoo/enterprise#69425 Signed-off-by: Raphael Collet <rco@odoo.com>
2024-09-02 13:40:43 +02:00 · 2024-09-02 13:40:43 +02:00 · 16c6c0f492
commit 16c6c0f492
parent ca39c79dfe
3 changed files with 21 additions and 25 deletions
--- a/content/developer/reference/backend/orm/changelog.rst
+++ b/content/developer/reference/backend/orm/changelog.rst
@ -9,6 +9,9 @@ Odoo version 18.0

 - Searching by name is now implemented as `_search_display_name` like all other fields.
  See `#174967 <https://github.com/odoo/odoo/pull/174967>`_.
+- New methods to check access rights and rules now combine both access rights
+  and rules: `check_access`, `has_access` and `_filtered_access`.
+  See `#179148 <https://github.com/odoo/odoo/pull/179148>`_.


 Odoo Online version 17.4
--- a/content/developer/reference/external_api.rst
+++ b/content/developer/reference/external_api.rst
@ -324,27 +324,26 @@ Each call to ``execute_kw`` takes the following parameters:

 .. example::

-   For instance, to see if we can read the ``res.partner`` model, we can call
-   ``check_access_rights`` with ``operation`` passed by position and
-   ``raise_exception`` passed by keyword (in order to get a true/false result
-   rather than true/error):
+   For instance, to search for records in the ``res.partner`` model, we can call
+   ``name_search`` with ``name`` passed by position and ``limit`` passed by
+   keyword (in order to get maximum 10 results):

   .. tabs::

      .. code-tab:: python

         models = xmlrpc.client.ServerProxy('{}/xmlrpc/2/object'.format(url))
-         models.execute_kw(db, uid, password, 'res.partner', 'check_access_rights', ['read'], {'raise_exception': False})
+         models.execute_kw(db, uid, password, 'res.partner', 'name_search', ['foo'], {'limit': 10})

      .. code-tab:: ruby

         models = XMLRPC::Client.new2("#{url}/xmlrpc/2/object").proxy
-         models.execute_kw(db, uid, password, 'res.partner', 'check_access_rights', ['read'], {raise_exception: false})
+         models.execute_kw(db, uid, password, 'res.partner', 'name_search', ['foo'], {limit: 10})

      .. code-tab:: php

         $models = ripcord::client("$url/xmlrpc/2/object");
-         $models->execute_kw($db, $uid, $password, 'res.partner', 'check_access_rights', array('read'), array('raise_exception' => false));
+         $models->execute_kw($db, $uid, $password, 'res.partner', 'name_search', array('foo'), array('limit' => 10));

      .. code-tab:: java

@ -355,9 +354,9 @@ Each call to ``execute_kw`` takes the following parameters:
         }};
         models.execute("execute_kw", asList(
             db, uid, password,
-             "res.partner", "check_access_rights",
-             asList("read"),
-             new HashMap() {{ put("raise_exception", false); }}
+             "res.partner", "name_search",
+             asList("foo"),
+             new HashMap() {{ put("limit", 10); }}
         ));

      .. code-tab:: go
@ -369,9 +368,9 @@ Each call to ``execute_kw`` takes the following parameters:
         var result bool
         if err := models.Call("execute_kw", []any{
             db, uid, password,
-             "res.partner", "check_access_rights",
-             []string{"read"},
-             map[string]bool{"raise_exception": false},
+             "res.partner", "name_search",
+             []string{"foo"},
+             map[string]bool{"limit": 10},
         }, &result); err != nil {
             log.Fatal(err)
         }
--- a/content/developer/tutorials/restrict_data_access.rst
+++ b/content/developer/tutorials/restrict_data_access.rst
@ -355,21 +355,15 @@ Explicit security checks can be performed by:
  specific models or records.
 * Checking that the current user has specific groups hard-coded to allow or deny
  an operation (``self.env.user.has_group``).
-* Calling the ``check_access_rights(operation)`` method on a recordset, this
-  verifies whether the current user has access to the model itself.
-* Calling ``check_access_rule(operations)`` on a non-empty recordset, this
-  verifies that the current user is allowed to perform the operation on *every*
-  record of the set.
-
-.. warning:: Checking access rights and checking record rules are separate
-             operations, if you're checking record rules you usually want to
-             also check access rights beforehand.
+* Calling ``check_access(operations)`` on a recordset, this verifies that the
+  current user is allowed to perform the operation on *every* record of the set.
+  As a special case, when the recordset is empty, it verifies that the current
+  user has some access rights to perform the operation on the model in general.

 .. exercise::

-    Before creating the invoice, use ``check_access_rights`` and
-    ``check_access_rule`` to ensure that the current user can update properties
-    in general as well as the specific property the invoice is for.
+    Before creating the invoice, use ``check_access`` to ensure that the current
+    user can update the property the invoice is for.

    Re-run the bypass script, check that the error occurs before the print.